pomerium/pomerium v0.24.0

on GitHub

What's Changed

Breaking

• config: remove set_authorization_header option by @kenjenkins in #4489
• databroker: remove redis storage backend by @kenjenkins in #4699
• core/config: remove support for base64 encoded certificates by @backport-actions-token in #4725

New

• databroker: build config concurrently, option to bypass validation by @wasaga in #4655

Fixes

• core/identity: fix slow restart by @calebdoxsey in #4542
• core/authenticate: validate the identity profile by @calebdoxsey in #4545
• core/authorize: check for expired tokens by @calebdoxsey in #4543
• core/authenticate: refactor idp sign out by @calebdoxsey in #4582
• core/storage: fix nil data unmarshal by @backport-actions-token in #4739

Changed

• cryptutil: remove unused functions by @kenjenkins in #4541
• Add metric request error in log by @sylr in #4585
• Docs: remove tcp example by @ZPain8464 in #4616
• config: do not add route headers to global map by @kenjenkins in #4629
• identity: override TokenSource expiry behavior by @kenjenkins in #4632
• upgrade envoy to v1.28.0 by @kenjenkins in #4635
• identity: preserve session refresh schedule by @kenjenkins in #4633
• identity: rework session refresh error handling by @kenjenkins in #4638
• core/config: add config version, additional telemetry by @calebdoxsey in #4645
• protoutil: add OverwriteMasked method by @kenjenkins in #4651
• core/hpke: reduce memory usage from zstd by @calebdoxsey in #4650
• core/controlplane: apply configuration changes in a background thread by @calebdoxsey in #4649
• core/config: remove version by @calebdoxsey in #4653
• core/config: refactor change dispatcher by @calebdoxsey in #4657
• core/filemgr: use xxhash instead of sha512 for filenames by @calebdoxsey in #4697
• xds: add type url to log by @wasaga in #4696
• core/events: refactor the events.Target to use mutexes instead of a background goroutine by @calebdoxsey in #4700
• storage/inmemory: implement patch operation by @kenjenkins in #4654
• storage/postgres: implement patch operation by @kenjenkins in #4656
• databroker: add patch method by @kenjenkins in #4704
• proto: add id to certificate by @wasaga in #4706
• databroker: add utility recordset and changeset by @wasaga in #4701
• databroker: add reconciler by @wasaga in #4709
• core/config: refactor file watcher by @calebdoxsey in #4702
• rework session updates to use new patch method by @kenjenkins in #4705
• authorize: reuse policy evaluators where possible by @kenjenkins in #4710
• reconciler: allow custom comparison function by @backport-actions-token in #4727
• core/config: add support for maps in environments by @backport-actions-token in #4728
• authorize: build evaluators cache in parallel by @backport-actions-token in #4731
• core/envoy: fix remove cookie lua script by @backport-actions-token in #4732
• databroker: changeset: prevent nil data in the deleted records by @backport-actions-token in #4737
• integration: renew test certs by @backport-actions-token in #4740

Dependency Updates

• chore(deps): bump node from 850d8e1 to f41231b by @dependabot in #4533
• chore(deps): bump google.golang.org/api from 0.134.0 to 0.138.0 by @dependabot in #4532
• chore(deps): bump github.com/jackc/pgx/v5 from 5.4.2 to 5.4.3 by @dependabot in #4531
• chore(deps): bump github.com/open-policy-agent/opa from 0.55.0 to 0.56.0 by @dependabot in #4530
• chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.4 to 2.0.6 by @dependabot in #4528
• chore(deps): bump github.com/minio/minio-go/v7 from 7.0.61 to 7.0.63 by @dependabot in #4527
• chore(deps): bump github.com/aws/aws-sdk-go-v2 from 1.20.0 to 1.21.0 by @dependabot in #4524
• chore(deps): bump github.com/shirou/gopsutil/v3 from 3.23.7 to 3.23.8 by @dependabot in #4519
• chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 by @dependabot in #4517
• chore(deps): bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in #4499
• chore(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #4496
• chore(deps): bump github.com/caddyserver/certmagic from 0.19.1 to 0.19.2 by @dependabot in #4526
• chore(deps): bump github.com/openzipkin/zipkin-go from 0.4.1 to 0.4.2 by @dependabot in #4523
• chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.32 to 1.18.38 by @dependabot in #4522
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.1 to 1.38.5 by @dependabot in #4521
• chore(deps): bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #4497
• chore(deps): bump docker/setup-buildx-action from 2.9.1 to 2.10.0 by @dependabot in #4498
• chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 by @dependabot in #4516
• chore(deps): bump cloud.google.com/go/storage from 1.31.0 to 1.32.0 by @dependabot in #4518
• chore(deps): bump tibdex/github-app-token from 1.8.0 to 1.8.2 by @dependabot in #4505
• chore(deps): bump mikefarah/yq from 4.34.2 to 4.35.1 by @dependabot in #4503
• chore(deps): bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 by @dependabot in #4502
• chore(deps): bump actions/setup-node from 3.7.0 to 3.8.1 by @dependabot in #4501
• chore(deps): bump @fontsource/dm-mono from 4.5.2 to 5.0.11 in /ui by @dependabot in #4515
• chore(deps-dev): bump ts-node from 10.4.0 to 10.9.1 in /ui by @dependabot in #4279
• chore(deps): bump @fontsource/dm-sans from 5.0.3 to 5.0.11 in /ui by @dependabot in #4508
• chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.38 to 1.18.40 by @dependabot in #4581
• chore(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 by @dependabot in #4580
• chore(deps): bump cloud.google.com/go/storage from 1.32.0 to 1.33.0 by @dependabot in #4579
• chore(deps): bump busybox from caa382c to 3fbc632 in /.github by @dependabot in #4549
• chore(deps): bump node from f41231b to 7923c64 by @dependabot in #4551
• chore(deps): bump docker/login-action from 2.2.0 to 3.0.0 by @dependabot in #4552
• chore(deps): bump docker/metadata-action from 4.6.0 to 5.0.0 by @dependabot in #4553
• chore(deps): bump docker/build-push-action from 4.1.1 to 5.0.0 by @dependabot in #4554
• chore(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in #4557
• chore(deps): bump coverallsapp/github-action from 2.2.1 to 2.2.3 by @dependabot in #4560
• chore(deps): bump docker/setup-qemu-action from 2.2.0 to 3.0.0 by @dependabot in #4559
• chore(deps): bump tibdex/github-app-token from 1.8.2 to 2.0.0 by @dependabot in #4556
• chore(deps): bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 by @dependabot in #4563
• chore(deps): bump @fontsource/dm-mono from 5.0.11 to 5.0.12 in /ui by @dependabot in #4573
• chore(deps): bump github.com/klauspost/compress from 1.16.7 to 1.17.0 by @dependabot in #4566
• chore(deps): bump google.golang.org/api from 0.138.0 to 0.141.0 by @dependabot in #4578
• chore(deps): bump go.uber.org/zap from 1.25.0 to 1.26.0 by @dependabot in #4577
• chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.58.1 by @dependabot in #4575
• chore(deps): bump github.com/CAFxX/httpcompression from 0.0.8 to 0.0.9 by @dependabot in #4572
• chore(deps): bump github.com/rs/cors from 1.9.0 to 1.10.0 by @dependabot in #4574
• chore(deps): bump github.com/docker/docker from 24.0.2+incompatible to 24.0.6+incompatible by @dependabot in #4570
• chore(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #4562
• chore(deps): bump docker/setup-buildx-action from 2.10.0 to 3.0.0 by @dependabot in #4555
• chore(deps): bump distroless/base from b0216a3 to 46c5b9b in /.github by @dependabot in #4550
• chore(deps): bump @mui/icons-material from 5.3.1 to 5.14.9 in /ui by @dependabot in #4567
• chore(deps): bump @fontsource/dm-sans from 5.0.11 to 5.0.12 in /ui by @dependabot in #4561
• chore(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.6 to 2.0.7 by @dependabot in #4607
• chore(deps): bump node from 7923c64 to 2daec43 by @dependabot in #4609
• chore(deps): bump github.com/open-policy-agent/opa from 0.56.0 to 0.57.0 by @dependabot in #4606
• chore(deps): bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #4611
• chore(deps): bump tibdex/github-app-token from 2.0.0 to 2.1.0 by @dependabot in #4612
• chore(deps): bump mikefarah/yq from 4.35.1 to 4.35.2 by @dependabot in #4610
• chore(deps): bump google.golang.org/api from 0.141.0 to 0.143.0 by @dependabot in #4608
• chore(deps): bump github.com/shirou/gopsutil/v3 from 3.23.8 to 3.23.9 by @dependabot in #4605
• chore(deps): bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 by @dependabot in #4603
• chore(deps): bump github.com/prometheus/procfs from 0.11.1 to 0.12.0 by @dependabot in #4602
• chore(deps): bump @fontsource/dm-sans from 5.0.12 to 5.0.13 in /ui by @dependabot in #4593
• chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.18.40 to 1.18.42 by @dependabot in #4599
• chore(deps): bump github.com/rs/zerolog from 1.30.0 to 1.31.0 by @dependabot in #4598
• chore(deps): bump @fontsource/dm-mono from 5.0.12 to 5.0.14 in /ui by @dependabot in #4619
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.5 to 1.40.0 by @dependabot in #4600
• chore(deps): bump github.com/rs/cors from 1.10.0 to 1.10.1 by @dependabot in #4601
• chore(deps): bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #4626
• chore(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 by @dependabot in #4640
• chore(deps): bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible by @dependabot in #4646
• core/go: upgrade go.mod by @calebdoxsey in #4711

Full Changelog: v0.23.0...v0.24.0